Vite · Vite · CVE-2026-39364
Name of the Vulnerable Software and Affected Versions
Vite versions 7.1.0 through 7.3.1 and 8.0.0 through 8.0.4
Description
Vite, a frontend tooling framework for JavaScript, allows retrieval of files blocked by `server.fs.deny` (such as `.env` and `*.crt` files, both covered by the default deny list) with HTTP 200 responses when specific query parameters such as `?raw`, `?import&raw`, or `?import&url&inline` are appended to the request; without the query parameter the same request is refused with HTTP 403. Two preconditions apply: the Vite dev server must be exposed to the network (for example with `--host` or the `server.host` option), and the targeted file must lie inside a `server.fs.allow` root while also being matched by a `server.fs.deny` pattern.
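As an added example that is not part of this advisory or of the Vite project's code, the following Node.js script scans dev-server access log lines for the request shape described above: a path matched by Vite's default `server.fs.deny` patterns combined with a `raw`, `inline` or `url` query parameter, reporting whether each such request was served (HTTP 200, the deny rule was bypassed) or blocked (HTTP 403). The log line format and the sample lines are constructed for this example; the simplified matcher mirrors Vite's documented default deny list (`.env`, `.env.*`, `*.{crt,pem}`, `**/.git/**`) and should be checked against the version you run; `isDeniedPath`, `usesBypassQuery`, `findBypassAttempts` and `report` are names chosen here.

```javascript
// Added example: not code from the Vite project or the advisory.
// Flags dev-server requests that pair a denied path with one of the
// query parameters the advisory names, and says whether they succeeded.

// Query keys seen in the bypass variants ?raw, ?import&raw, ?import&url&inline.
const BYPASS_QUERY_KEYS = new Set(['raw', 'inline', 'url']);

// Simplified equivalent of Vite's documented default server.fs.deny:
// ['.env', '.env.*', '*.{crt,pem}', '**/.git/**'] (assumption: verify for your version).
function isDeniedPath(pathname) {
  const segments = pathname.split('/');
  const base = segments[segments.length - 1] || '';
  if (base === '.env' || base.startsWith('.env.')) return true;
  if (base.endsWith('.crt') || base.endsWith('.pem')) return true;
  if (segments.includes('.git')) return true;
  return false;
}

// True when the query string carries any of the bypass keys, regardless of value.
function usesBypassQuery(search) {
  const params = new URLSearchParams(search);
  for (const key of params.keys()) {
    if (BYPASS_QUERY_KEYS.has(key)) return true;
  }
  return false;
}

// Constructed log format: "<time> <client> <method> <target> <status>".
const LINE_RE = /^(\S+) (\S+) (\S+) (\S+) (\d{3})$/;

function parseLogLine(line) {
  const m = LINE_RE.exec(line.trim());
  if (!m) return null;
  const [, time, client, method, target, status] = m;
  // Base URL only lets the WHATWG parser split a relative target into path and query.
  const url = new URL(target, 'http://vite.invalid');
  return { time, client, method, path: url.pathname, search: url.search, status: Number(status) };
}

// Returns one finding per request that hits a denied path with a bypass query.
// `served: true` (HTTP 200) means the file left the server on a vulnerable build.
function findBypassAttempts(lines) {
  const findings = [];
  for (const line of lines) {
    const req = parseLogLine(line);
    if (!req) continue; // unparseable line, skip rather than guess
    if (!isDeniedPath(req.path) || !usesBypassQuery(req.search)) continue;
    findings.push({ ...req, served: req.status === 200 });
  }
  return findings;
}

// Human-readable summary, one line per finding.
function report(lines) {
  return findBypassAttempts(lines)
    .map((f) => `${f.time} ${f.client} ${f.path}${f.search} -> ${f.served ? 'SERVED (bypass)' : 'blocked'}`)
    .join('\n');
}

// Constructed sample log: one normal module request, one plain denied request,
// three bypass variants that succeeded, one that a patched server blocked,
// and an asset request whose ?url suffix is legitimate.
const SAMPLE_LOG = [
  '2026-03-01T10:00:00Z 203.0.113.7 GET /src/main.ts?import 200',
  '2026-03-01T10:00:01Z 203.0.113.7 GET /.env 403',
  '2026-03-01T10:00:02Z 203.0.113.7 GET /.env?raw 200',
  '2026-03-01T10:00:03Z 203.0.113.7 GET /certs/server.crt?import&raw 200',
  '2026-03-01T10:00:04Z 203.0.113.7 GET /.env.local?import&url&inline 200',
  '2026-03-01T10:00:05Z 198.51.100.4 GET /.env?raw 403',
  '2026-03-01T10:00:06Z 203.0.113.7 GET /logo.svg?url 200',
];

console.log(report(SAMPLE_LOG));
```

Feed the script your own dev-server log (adjusting `LINE_RE` to its format); a finding marked `SERVED` on a denied path is direct evidence that a vulnerable Vite build handed out the file, while `blocked` findings still show someone probing for it. To confirm a running instance, request a denied path once with and once without the `?raw` suffix and compare the status codes.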
Recommendations
Vite versions 7.1.0 through 7.3.1 should be updated to version 7.3.2 or later.
Vite versions 8.0.0 through 8.0.4 should be updated to version 8.0.5 or later.
Until the update is applied, the conditions above can be removed instead: do not expose the dev server to the network with `--host` or `server.host`, and keep secrets such as `.env` and certificate files outside any `server.fs.allow` root.